<?php require('../data/dbcon.php'); ?>
<?php require('../data/functions.php'); ?>
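<?php
/*
 * Admin login handler.
 *
 * Flow:
 *   1. On a POSTed login form, validate the credentials with adminLogin()
 *      and, on success, issue the two auth cookies and redirect to admin.php.
 *   2. Otherwise, if auth cookies are already present, validate them with
 *      checkUser() and redirect to admin.php when they are accepted.
 *   3. In every other case fall through to the login form below.
 *
 * adminLogin() and checkUser() come from ../data/functions.php and are not
 * visible here; their exact contracts should be confirmed against that file.
 */
session_start();
$UserChk = FALSE;
$rederror = null;

// Guarantee that $_SESSION['sid'] exists so the template's comparison with
// the session cookie never reads an undefined index.
if( !isset($_SESSION['sid']) ) {
	$_SESSION['sid'] = '';
}

// Only flag the cookies Secure when this request itself arrived over HTTPS,
// so plain-HTTP installs keep working.
$cookieSecure = ( !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off' );

if( isset($_POST['login']) ) {
	// Missing or array-valued fields (user[]=...) are treated as a failed
	// login instead of being passed on to adminLogin()/stripslashes()/md5().
	$fieldsOk = isset($_POST['user'], $_POST['password'])
		&& is_string($_POST['user'])
		&& is_string($_POST['password']);

	$login = $fieldsOk ? adminLogin($_POST['user'], $_POST['password']) : FALSE;

	if( $login == TRUE ) {

		// stripslashes() is kept from the original handling (presumably for
		// magic-quoted input — confirm what checkUser() expects).
		$user = stripslashes($_POST['user']);

		// SECURITY (review): the auth cookie is an unsalted MD5 of the
		// password. Whoever obtains the cookie can replay it until it expires
		// and can attack the hash offline. checkUser() consumes this value, so
		// the format is left unchanged here; replacing it with a random,
		// server-side session token means changing both sides together.
		$pass = md5(stripslashes($_POST['password']));

		// HttpOnly keeps the credentials out of reach of page scripts (limits
		// what an XSS bug can steal). Assumes no client-side code reads these
		// cookies — TODO confirm. Empty path/domain keep the original defaults.
		setcookie('winnguestbook_u', $user, time()+3600, '', '', $cookieSecure, true);
		setcookie('winnguestbook_auth', $pass, time()+3600, '', '', $cookieSecure, true);

		// NOTE(review): the session id is not regenerated on login. Adding
		// session_regenerate_id() would be the usual session-fixation defence,
		// but $_SESSION['sid'] is compared with the PHPSESSID cookie below, so
		// it must be coordinated with whatever code sets 'sid'.

		header("location: admin.php");
		// Stop here: without exit the rest of the page is still rendered and
		// sent after the redirect header.
		exit;

	}else{
		// "#red" is not a valid CSS colour; use the keyword so the failed
		// fields are actually highlighted.
		$rederror = " style=\"background:red;\"";
	}
}

// Require BOTH cookies before asking checkUser(); a request carrying only the
// user cookie previously reached checkUser() with an undefined auth value.
if( isset($_COOKIE['winnguestbook_u'], $_COOKIE['winnguestbook_auth']) ) {
	$UserChk = checkUser($_COOKIE['winnguestbook_u'], $_COOKIE['winnguestbook_auth']);
}
if( $UserChk == TRUE ) {
	header("location: admin.php");
	exit;
}
?>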
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" 
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<style type="text/css">@import url('../css/body.css'); </style>
<title>Winn Guestbook <?=$version; ?></title>
</head>

<body>
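<?php
// Show the login form unless the browser's session cookie matches the id
// stored in the session. empty() is tested first so a missing PHPSESSID cookie
// is never indexed, and the comparison is strict so numeric-looking ids are
// not equated by PHP's loose comparison rules.
// NOTE(review): "PHPSESSID" is the default session cookie name — confirm that
// session.name is not overridden for this site.
$showLogin = empty($_COOKIE['PHPSESSID'])
	|| !is_string($_COOKIE['PHPSESSID'])
	|| !isset($_SESSION['sid'])
	|| $_COOKIE['PHPSESSID'] !== (string) $_SESSION['sid'];

// PHP_SELF includes any trailing path info supplied in the request URL, so it
// is request-controlled and must be HTML-escaped before it goes into an
// attribute.
$formAction = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');

// Cookie values are client-controlled as well: escape before echoing, and fall
// back to an empty field when the cookie is absent or not a plain string.
// NOTE(review): the login handler in this file sets 'winnguestbook_u', not
// 'user' — confirm which cookie name is intended for the prefill.
$prefillUser = ( isset($_COOKIE['user']) && is_string($_COOKIE['user']) )
	? htmlspecialchars($_COOKIE['user'], ENT_QUOTES, 'UTF-8')
	: '';

if( $showLogin ) { ?>
	<h1>Winn Guestbook <?=$version; ?></h1>
    <div id="login">
    	<h2>Admin Login</h2>
        <table>
        <form action="<?=$formAction; ?>" method="post">
        	<tr>
            	<td><p>User:</p></td>
                <td><input <?=$rederror?> type="text" name="user" value="<?=$prefillUser; ?>" /></td>
            </tr>
            <tr>
            	<td><p>Password:</p></td>
                <td><input <?=$rederror?> type="password" name="password" /></td>
            </tr>
            <tr>
            	<td></td>
                <td><input type="submit" value="Login &raquo;" name="login" onclick="this.value='here we go...'" /></td>
            </tr>
        </form>
        </table>
    </div>
    
<?php }else{ ?>
	<meta http-equiv="refresh" content="0;url=admin.php">
<?php } ?>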
</body>
</html>
